path: root/roles/docker/tasks/main.yml
blob: 57da23e0a41823cc05848dd9861bc1dfc983c71a (plain)
---
# Ask repoquery for the version of the installed docker package. The task is
# skipped when openshift.common.is_atomic is true, which is why later tasks in
# this file test `curr_docker_version | skipped` before reading stdout.
- name: Get current installed Docker version
  command: >-
    {{ repoquery_cmd }} --installed --qf '%{version}' docker
  register: curr_docker_version
  # Read-only query: never report a change.
  changed_when: false
  when: not openshift.common.is_atomic | bool

# Abort when an installed Docker is older than 1.9.1 and no docker_version was
# requested. All list entries under `when` must hold (they are ANDed).
- name: Error out if Docker pre-installed but too old
  fail:
    msg: "Docker {{ curr_docker_version.stdout }} is installed, but >= 1.9.1 is required."
  when:
  # The version query ran and returned something.
  - not curr_docker_version | skipped
  - curr_docker_version.stdout != ''
  - curr_docker_version.stdout | version_compare('1.9.1', '<')
  - docker_version is not defined

# Reject an explicitly requested docker_version below the 1.9.1 minimum.
- name: Error out if requested Docker is too old
  fail:
    msg: "Docker {{ docker_version }} requested, but >= 1.9.1 is required."
  when:
  - docker_version is defined
  - docker_version | version_compare('1.9.1', '<')

# Ask repoquery which docker version the repositories offer. Runs only when a
# docker_version was requested and the host is not Atomic.
# NOTE(review): failed_when: false hides repoquery errors, and no task shown
# in this file reads avail_docker_version -- confirm it is still needed.
- name: Get latest available version of Docker
  when:
  - docker_version is defined
  - not openshift.common.is_atomic | bool
  command: >
    {{ repoquery_cmd }} --qf '%{version}' "docker"
  register: avail_docker_version
  # Read-only query: never report a change, never fail the play.
  changed_when: false
  failed_when: false

# When a docker_version is requested, make sure reaching it would not mean
# downgrading the docker package that is already installed.
- name: Fail if Docker version requested but downgrade is required
  fail:
    msg: "Docker {{ curr_docker_version.stdout }} is installed, but version {{ docker_version }} was requested."
  when:
  # The version query ran and returned something.
  - not curr_docker_version | skipped
  - curr_docker_version.stdout != ''
  - docker_version is defined
  # Installed version is newer than the requested one.
  - curr_docker_version.stdout | version_compare(docker_version, '>')

# Going from Docker < 1.10 to >= 1.10 involves an extremely slow migration, so
# this role refuses to do it; users should run the Docker 1.10 upgrade playbook
# instead.
- name: Error out if attempting to upgrade Docker across the 1.10 boundary
  fail:
    msg: "Cannot upgrade Docker to >= 1.10, please upgrade or remove Docker manually, or use the Docker upgrade playbook if OpenShift is already installed."
  when:
  # The version query ran and returned something.
  - not curr_docker_version | skipped
  - curr_docker_version.stdout != ''
  # Installed is below 1.10 while the requested version is 1.10 or later.
  - curr_docker_version.stdout | version_compare('1.10', '<')
  - docker_version is defined
  - docker_version | version_compare('1.10', '>=')

# Ensure the docker package is present without updating a running version;
# Docker upgrades are handled by a separate playbook.
# The package name is "docker-<docker_version>" when docker_version is defined
# and plain "docker" otherwise, in which case the version installed is whatever
# the enabled repositories provide.
- name: Install Docker
  package:
    name: "docker{{ '-' + docker_version if docker_version is defined else '' }}"
    state: present
  when: not openshift.common.is_atomic | bool

- block:
  # Drop-in directory that extends the default Docker service unit file when
  # iptables-services is used.
  # NOTE(review): neither task sets owner or mode, so the directory and the
  # drop-in get the module defaults; pin them if this override must stay
  # root-writable only.
  - name: Ensure docker.service.d directory exists
    file:
      state: directory
      path: "{{ docker_systemd_dir }}"

  - name: Configure Docker service unit file
    template:
      src: custom.conf.j2
      dest: "{{ docker_systemd_dir }}/custom.conf"
  # Applies to both tasks: they run only when firewalld is not in use
  # (os_firewall_use_firewalld defaults to True, i.e. the block is skipped).
  when: not os_firewall_use_firewalld | default(True) | bool

# Optional udev workaround tasks, included only when docker_udev_workaround is
# set to a true value (it defaults to False).
- include: udev_workaround.yml
  when: docker_udev_workaround | default(False) | bool

# Inspect /etc/sysconfig/docker; the tasks below edit it only when
# docker_check.stat.isreg reports a regular file.
- stat:
    path: /etc/sysconfig/docker
  register: docker_check

# Write the ADD_REGISTRY / BLOCK_REGISTRY / INSECURE_REGISTRY lines, each entry
# prefixed with its daemon flag. An item is skipped when its value is empty or
# when /etc/sysconfig/docker is not a regular file.
# Entries in docker_insecure_registries are passed as --insecure-registry,
# i.e. registries the daemon will use without verified TLS; keep that list as
# short as possible. Values are placed inside single quotes without escaping,
# so an entry containing a quote would break the resulting line.
- name: Set registry params
  with_items:
  - reg_conf_var: ADD_REGISTRY
    reg_flag: --add-registry
    reg_fact_val: "{{ docker_additional_registries | default(None, true)}}"
  - reg_conf_var: BLOCK_REGISTRY
    reg_flag: --block-registry
    reg_fact_val: "{{ docker_blocked_registries| default(None, true) }}"
  - reg_conf_var: INSECURE_REGISTRY
    reg_flag: --insecure-registry
    reg_fact_val: "{{ docker_insecure_registries| default(None, true) }}"
  lineinfile:
    dest: /etc/sysconfig/docker
    regexp: '^{{ item.reg_conf_var }}=.*$'
    line: "{{ item.reg_conf_var }}='{{ item.reg_fact_val | oo_prepend_strings_in_list(item.reg_flag ~ ' ') | join(' ') }}'"
  when:
  - item.reg_fact_val != ''
  - docker_check.stat.isreg is defined
  - docker_check.stat.isreg
  notify:
  - restart docker

# Maintain HTTP_PROXY / HTTPS_PROXY / NO_PROXY in /etc/sysconfig/docker: a line
# is written when its value is non-empty and removed (state: absent) otherwise.
# NOTE(review): proxy URLs that embed credentials would be written to this file
# and shown in the per-item task output -- consider no_log if that applies.
- name: Set Proxy Settings
  lineinfile:
    dest: /etc/sysconfig/docker
    regexp: '^{{ item.reg_conf_var }}=.*$'
    line: "{{ item.reg_conf_var }}='{{ item.reg_fact_val }}'"
    state: "{{ 'present' if item.reg_fact_val != '' else 'absent'}}"
  with_items:
  - reg_conf_var: HTTP_PROXY
    reg_fact_val: "{{ docker_http_proxy | default('') }}"
  - reg_conf_var: HTTPS_PROXY
    reg_fact_val: "{{ docker_https_proxy | default('') }}"
  - reg_conf_var: NO_PROXY
    reg_fact_val: "{{ docker_no_proxy | default('') | join(',') }}"
  notify:
  - restart docker
  when:
  # NOTE(review): the trailing single-quoted text is a Jinja string literal, so
  # it is always truthy and the http_proxy/https_proxy membership test is never
  # actually evaluated; the task effectively runs whenever the file is a
  # regular file. Confirm the intent before unquoting it, since skipping the
  # task would also skip the state: absent cleanup above.
  - docker_check.stat.isreg is defined and docker_check.stat.isreg and '"http_proxy" in openshift.common or "https_proxy" in openshift.common'

# Rebuild the OPTIONS='...' line in /etc/sysconfig/docker. The double-quoted
# scalar uses backslash line continuations, so it renders as a single line.
# Each flag is appended only when its condition holds:
#   --selinux-enabled    when ansible_selinux.status is 'enabled'
#   --log-driver         when docker_log_driver is defined
#   --log-opt ...        one per entry produced from docker_log_options
#   docker_options       appended verbatim when defined
#   --confirm-def-push   set from docker_disable_push_dockerhub | bool
# NOTE(review): the variables are inserted unescaped inside the single-quoted
# value; a single quote in docker_options or the log settings would end the
# quoting early, so these variables should only come from trusted inventory.
- name: Set various Docker options
  lineinfile:
    dest: /etc/sysconfig/docker
    regexp: '^OPTIONS=.*$'
    line: "OPTIONS='\
      {% if ansible_selinux and ansible_selinux.status == '''enabled''' %} --selinux-enabled{% endif %}\
      {% if docker_log_driver is defined  %} --log-driver {{ docker_log_driver }}{% endif %}\
      {% if docker_log_options is defined %} {{ docker_log_options |  oo_split() | oo_prepend_strings_in_list('--log-opt ') | join(' ')}}{% endif %}\
      {% if docker_options is defined %} {{ docker_options }}{% endif %}\
      {% if docker_disable_push_dockerhub is defined %} --confirm-def-push={{ docker_disable_push_dockerhub | bool }}{% endif %}'"
  # Only edit the file when the earlier stat found a regular file.
  when: docker_check.stat.isreg is defined and docker_check.stat.isreg
  notify:
  - restart docker

# Enable docker and make sure it is started. daemon_reload asks systemd to
# re-read its unit files as part of this task; the result is registered as
# start_result for the set_fact that follows.
- name: Start the Docker service
  systemd:
    name: docker
    daemon_reload: true
    state: started
    enabled: true
  register: start_result

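# Record whether the "Start the Docker service" task changed anything.
# The expression has to be wrapped in {{ }}: without it set_fact stores the
# literal text "start_result | changed" instead of the evaluated result, and
# the value then depends on how (and when) each consumer re-evaluates it.
- set_fact:
    docker_service_status_changed: "{{ start_result | changed }}"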

# Run any pending handlers now (for example "restart docker", notified by the
# configuration tasks above) instead of waiting for the end of the play.
- meta: flush_handlers